Lucene search

K
cveRedhatCVE-2020-27758
HistoryDec 08, 2020 - 10:15 p.m.

CVE-2020-27758

2020-12-0822:15:18
CWE-190
redhat
web.nvd.nist.gov
156
3
cve-2020-27758
imagemagick
txt.c
coders
security vulnerability
crafted file
undefined behavior
nvd
7.0.8-68

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.6

Confidence

Low

EPSS

0.001

Percentile

33.5%

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

Affected configurations

Nvd
Vulners
Node
imagemagickimagemagickRange<6.9.10-68
OR
imagemagickimagemagickRange7.0.0-07.0.8-68
Node
debiandebian_linuxMatch9.0
VendorProductVersionCPE
imagemagickimagemagick*cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "ImageMagick",
    "versions": [
      {
        "version": "prior to 7.0.8-68",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.6

Confidence

Low

EPSS

0.001

Percentile

33.5%